DETAILED ACTION

Examiner's Amendment 

An examiner's amendment to the record appears below. Should the changes and/or 
additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 
1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the 
payment of the issue fee. 

Authorization for this Examiner's Amendment was given in a telephone interview with 
Brian Kearns on 8 February 2011.

This application has been amended as follows: 

IN THE CLAIMS 
Cancel claim 31. 

Replace claim 1, 12, 19, 22 and 28-30 as follows. 

1. (Currently Amended) A method for provision of access for a data requesting
entity to data related to a principal, comprising the following steps: 

creating, by a processor, an access granting ticket comprising:

(a) an access specification specifying a permission for an access to data related to the 
principal, said data being available at a data providing entity, 

(b) a principal identifier representing the principal towards the data providing entity, 
- encrypting the access granting ticket, wherein the ticket comprises the access
specification and the principal identifier, with an encryption key of the data providing
entity,

- communicating to the data requesting entity the encrypted access granting ticket
accompanied by an identifier of the data providing entity, 

- communicating from the data requesting entity to the data providing entity a request 
comprising the encrypted access granting ticket based on said communicated data 

- decrypting the encrypted access granting ticket with a decryption key of the data 
providing entity corresponding to the encryption key, 

- providing to the data requesting entity access to data related to the principal identifier 
according to the access specification. 

12. (Currently Amended) A principal entity for provision of access for a data
requesting entity to data related to a principal, comprising:

a transmission unit for sending of messages and information and 

a processing unit, using a processor, for processing of messages and information,

wherein the processing unit is configured to create[[s]] an access granting ticket comprising:

(a) an access specification specifying a permission for an access to data related 
to the principal, said data being available at a data providing entity, and 

(b) a principal identifier representing the principal towards the data providing
entity,

the processing unit further configured to encrypt the access granting ticket, wherein the
ticket comprises the access specification and the principal identifier, with an encryption key of
the data providing entity in response to receiving, from the data providing entity, an encrypted
access granting ticket accompanied by an identifier of the data providing entity, and

the processing unit further configured to obtain [[an]] the identifier of the data providing
entity, and 

the transmission unit further configured to send[[s]] the encrypted access granting ticket 
accompanied by the identifier of the data providing entity to the data requesting entity. 

19. (Currently Amended) A data requesting entity comprising:

a receiving unit for receiving messages and information; 

a transmission unit for sending of messages and information, and 

a processing unit, using a processor, for processing of messages and information,

wherein the receiving unit is configured to receive[[s]] a first encrypted access granting
ticket for provision of access to first data related to a principal, said first data being available at a 
first data providing entity, the first encrypted access granting ticket being accompanied by an 
identifier of the first data providing entity and 

wherein the receiving unit is further configured to receive a further encrypted access 
granting ticket for provision of access to further data related to the principal, said further data 
being available at a further data providing entity, the further encrypted access granting ticket 
being accompanied by a further identifier of the further data providing entity, 

wherein the processing unit is configured to generate[[s]] a first request comprising the
first encrypted access granting ticket and a further request comprising the further encrypted
access granting ticket[[, based on the corresponding data providing entity identifier received from
the first or the further encrypted access granting ticket, respectively, and]]

wherein the transmission unit is configured to send[[s]] the first request to the first data
providing entity and the further request to the further data providing entity, based on the
corresponding data providing entity identifier received from the first or the further encrypted
access granting ticket, respectively, and

wherein the receiving unit is configured to receive[[s]] a first indication for access
provision to the first data from the first data providing entity, in response to the first request, and
a further indication for access provision to the further data, in response to the further request,
from the further data providing entity.

22. (Currently Amended) A data providing entity for provision of access to data 
related to a principal, the data providing entity comprising: 

a receiving unit for receiving messages and information, 

a transmission unit for sending of messages and information and communicating to a 
data requesting entity an encrypted access granting ticket accompanied by an identifier of the 
data providing entity, and 

a processing unit for processing of messages and information, 

wherein the receiving unit is configured to receive[[s]] a request from a data requesting
entity transmitted based on said accompanied data providing entity identifier in response to said
communicated encrypted access granting ticket, the request comprising an access granting
ticket encrypted with an encryption key of the data providing entity, the access granting ticket
comprising an access specification specifying a permission for an access to data related to the
principal, said data being available at the data providing entity, and a principal identifier
representing the principal towards the data providing entity;

wherein the processing unit is configured to decrypt[[s]] the encrypted access granting
ticket, which was received from the data requesting entity, with a decryption key of the data
providing entity corresponding to the encryption key and

wherein the processing unit is further configured to provide[[s]] to the data requesting
entity access to data related to the principal identifier according to the access specification.

28. (Currently Amended) A non-transitory computer readable storage medium 
having stored thereon a plurality of instructions, the plurality of instructions including instructions 
which, when executed by a processor, cause the processor to perform the steps of a method, 
comprising: 

create an access granting ticket comprising an access specification specifying a 
permission for an access to data related to the principal, said data being available at a data 
providing entity, and a principal identifier representing a principal towards the data providing 
entity, 

[[to]] encrypting the access granting ticket, wherein the ticket comprises the access
specification and the principal identifier, with an encryption key of the data providing entity, 

communicating to the data requesting entity the encrypted access granting ticket 
accompanied by an identifier of the data providing entity.

communicating from the data requesting entity to the data providing entity a request 
comprising the encrypted access granting ticket based on said communicated data providing 
entity identifier, 

decrypting the encrypted access granting ticket with a decryption key of the data 
providing entity corresponding to the encryption key, 

providing to the data requesting entity access to data related to the principal identifier
according to the access specification.

[[to obtaining an identifier of a data providing entity, and to initiate a sending of the
encrypted access granting ticket accompanied by the identifier of the data providing entity to the
data requesting entity.]]

29. (Currently Amended) A non-transitory computer readable storage medium 
having stored thereon a plurality of instructions, the plurality of instructions including instructions 
which, when executed by a processor, cause the processor to perform the steps of a method, 
comprising: 

processing a first encrypted access granting ticket, received from a first data providing
entity, for provision of access to first data related to a principal, said first data being available at 
[[an]] the first data providing entity, the first encrypted access granting ticket being accompanied 
by an identifier of the first data providing entity and 

[[to]] processing a further encrypted access granting ticket, received from a further data
providing entity, for provision of access to further data related to the principal, said further data 
being available at [[an]] the further data providing entity, the further encrypted access granting 
ticket being accompanied by a further identifier of the further data providing entity, 

[[to generate]] generating a first request comprising the first encrypted access granting
ticket and a further request comprising the further encrypted access granting ticket wherein the 
access ticket is encrypted with an encryption key of the data providing entity, the access 
granting ticket comprising an access specification specifying a permission for an access to data 
related to the principal and 

[[to initiate]] initiating a sending of the first request to the first data providing entity and of
the further request to the further data providing entity, based on the corresponding data
providing entity identifier received from the first or the further encrypted access granting ticket,
respectively, and

[[to]] processing a first indication for access provision to the first data from the first data
providing entity, in response to the first request, and a further indication for access provision to
the further data, in response to the further request, from the further data providing entity.



30. (Currently Amended) A non-transitory computer readable storage medium 
having stored thereon a plurality of instructions, the plurality of instructions including instructions 
which, when executed by a processor, cause the processor to perform the steps of a method,
comprising: 

communicating to a data requesting entity an encrypted access granting ticket 
accompanied by an identifier of the data providing entity; 

processing a request from a data requesting entity transmitted based on said 
accompanied data providing entity identifier in response to said communicated encrypted 
access granting ticket, the request comprising an access granting ticket encrypted with an
encryption key of the data providing entity, the access granting ticket comprising an access 
specification specifying a permission for an access to data related to a principal, said data being 
available at the data providing entity, and a principal identifier representing the principal towards 
the data providing entity, 

[[to]] decrypting the encrypted access granting ticket, which was received from the data
requesting entity, with a decryption key of the data providing entity corresponding to the
encryption key and

[[to provide]] providing to the data requesting entity access to data related to the principal
identifier according to the access specification. 

Allowable Subject Matter 

Claims 1-30 are allowed.

The following is an examiner's statement of reasons for allowance: 
The above mentioned claims are allowable over prior arts because the CPA (Cited Prior Art) of 
record fails to teach or render obvious the claimed limitations in combination with the specific 
added limitations recited in claims 1, 12, 19, 22 and 28-30 (& associated dependent claims).

Claims 1, 12, 19, 22 and 28-30 are allowable in light of the Applicant's arguments and
in light of the prior art made of record and Examiner Amendment. 

Any inquiry concerning this communication or earlier communications from the examiner
should be directed to LONGBIT CHAI whose telephone number is (571)272-3788. The 
examiner can normally be reached on Monday-Friday 9:00am-5:00pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, William R. Korzuch can be reached on (571) 272-7589. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private 
PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you 
would like assistance from a USPTO Customer Service Representative or access to the 
automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/Longbit Chai/ 

Primary Patent Examiner 
Art Unit 2431 
2/8/2011 



